What does it mean its “not a user policy”?!?! “You can assign only a user policy to a specific user”, you are! You know it’s a user policy, you literally just created it. You can see that it’s a user policy. What gives?

You’re moving too fast, this is Office 365. Go get a cup of coffee or a beverage of choice, check your social media, think about what you want to eat next, then try again (the order is important). It should work now, if it doesn’t repeat the above steps with a new beverage.

If you’re me, you’ll forget the next time too and need to check your notes. Hope this helped.

No. No they do not.

For the US and UK at least, domestic and international plans do not count inbound calls at this time. What this means is that if you have a single small 250 minute plan through your Enterprise Agreement, and you make 100 minutes of calls, but receive 200, you’re still fine. You’ve still got 150 minutes left because inbound calls do not count.

If you’re here, it because you’re seeing the error: “Your Office 365 admin has set a conditional access policy that restricts your access to Word Online”

This isn’t my typical area of focus, however I do work a lot with Azure, EMS, and Office 365 in general and a client brought this issue to my attention. Since Google and Bing yielded no results, I thought I’d blog it in case anyone else was searching for it.

In a nutshell, if you configure a Azure AD Conditional Access policy for Exchange Online, your ability to create documents directly from Word Online and Office Online in general becomes blocked. The error message you’ll receive, “Your Office 365 admin has set a conditional access policy that restricts your access to Word Online.” can be seen in the screenshot below.

Here’s the catch, it’s expected behavior and there’s nothing you can do about it at the moment. I have a case open with Microsoft and will update this post if I find more but right now you’re stuck. There are workarounds such as creating the documents directly from OneDrive, and this is noted in the error statement as seen, however that’s a whole user education issue that’s going to be troublesome. When setting up conditional access, you have access to a select group of cloud applications. Some applications, such as Office Online are actually bundled with Exchange Online so when you set access control on one, you’ve set access controls on them all. I’m presuming that since Word Online doesn’t re-prompt you for authentication, you’re not going to get your additional conditional access challenge and you’re simply blocked.

Again, my intention is the update this case if there’s any response from Microsoft as this is escalated other than “expected behavior”.

Many of my customers treat their AudioCodes Mediant (MSBG) IP gateways and session border controllers in a sort of set-it-and-forget-it way. Once it’s set up, it’s just runs, no reboots, no troubles. Not necessarily a great idea from a security standpoint, but it’s stable.

One small item to note, if you have an MSBR, which has additional routing capabilities, 6.8 will continue to be supported. I supposed because I believe there’s no newer firmware supported for those guys, though I’ve heard there’s a way you can convert the device to an MSBG if you’re willing to leverage AudioCodes services to do so.

There may be time where a system was improperly maintained and the services are left in a disabled state, or perhaps you’re performing maintenance and you need those services to stay in a disabled state. Rather than going through them one-by-one and changing the startup-type, here’s a quick PowerShell command you can run to flip all Skype for Business or Lync Server services from Disabled to Automatic (Delayed Start) and vice versa.

To set all Skype and Lync services (not including SQL and IIS) to Automatic (Delayed Start) run the following PowerShell command:

Quick reminder for those of you in the Chicago area, tomorrow night is our quarterly Microsoft Teams and Skype for Business user group.

These are always fun and valuable, and a great place to network with your peers and make those relationships. Vendors and local experts attend regularly as well so it’s a place to get those questions answered too!

This time around there are two sessions, the first I’ll be presenting on Advanced Phone System capabilities for Teams and Skype for Business, the second will be around Bots and development capabilities for all of Microsoft UC. Should be a ton of fun!

I recently found myself in a position with Microsoft Teams where I had to make changes to multiple teams at once, the problem was that the team naming convention in use by the client was practically random as they let their users govern themselves. Finding and selecting them in PowerShell or via the Admin Console was too much trouble. If you’re curious, certain groups needed to be locked down in terms of custom memes and Giphys but I won’t say more than that.

The client had more than they wanted to approach one-by-one and wanted my help building a script. To finish the job, we did a simple hardcoded script but I went away wanting something more flexible. This is the result.

Next steps for this script, are the ability to add an owner or a team member to multiple groups quickly, and a few other niceties that I had in mind. Please let me know if you’d like to see anything added and I’ll do my best to get it in there.

BREAKING NEWS…

I officially have permission from Microsoft to reveal to you that the Standard Edition role is BACK IN Skype for Business 2019. If you remember, at Microsoft Ignite last year it was confirmed that this version would be removed and the only option for Front End pools would be Enterprise Edition. It’s not just small organizations that use this role, very large enterprise corporations also use it in smaller branch offices where survivable branch appliances (SBA) just aren’t a good fit. While it is possible to have a single front end in an Enterprise pool, a full version of SQL was still required, which could be costly in small organizations and even branch office scenarios.

I want to give a special thank you to Microsoft for reconsidering this feature, and all of you that voted and commented in the feedback link below (though you don’t need to anymore).

TeamsRecap (if you don’t subscribe you should) is MVP Josh Blalock’s video series that keeps you up to date on Microsoft Teams and Skype and walks through what the news is and what it means. It’s a convenient way to keep up to date if you find the constant announcements of new features a bit too much. Honestly, Teams is one of the fastest developing projects I’ve seen at Microsoft and they are keeping true to the roadmap and hitting those dates. Josh’s show is very interesting to watch, super valuable, and an easy way to stay current.

Josh was kind enough to let me visit for one of his shows, and I want to thank him for that. It was a fun time and a great experience.

Thank you Josh!

Now that calling in Teams is GA, you may be wondering, what happens when you call 911 with Microsoft Phone System using a desk phone or full client? I cover that in more detail in another blog post, but basically the call is intercepted by a certified 911 operator and they confirm that you’re in the location assigned to you in the portal before delivering your call, if not, they correct it and get you to the correct emergency dispatch (PSAP).

But what if you’re using your mobile client with Skype for Business or Teams? It doesn’t matter if you’re in the cloud or not, if you’re using Microsoft as a telephone provider or not (though this is the only way to get Teams), that call will go through your cell phone provider.

Why? Well, there’s a few reasons. The first is simply that it’s an external connection, and we can’t locate you (no LIS or location information service) if you’re connected through an Edge server. But in the cloud EVERYONE is connected through an Edge server and there’s no dynamic location services yet anyway. Well, Microsoft assumes and rightly so, that your cell phone’s GPS is going to do a better job of locating you than whichever service you may be employing.

Too afraid to test out E911 calling on the mobile clients? No problem, I did it for you!

Here we are making a call from the Skype for Business Mobile client. This is an iPhone, so once you hit the call button, it sends the call to the mobile phone which asks me to confirm the call by hitting the Call button again. Once I hit that, I’m on the line with police using my mobile phone only.

And now that calling is available in Teams, let’s make the same call from the Teams Mobile client to make sure they didn’t forget this important feature. Of course they didn’t, and it’s the exact same experience.

It’s always important to test E911 services with any solution. However, to avoid fines and to simply be considerate, please call your local dispatch’s non-emergency number first and ask permission to find out if it’s a good time. In some metropolitan locations you will need to schedule your test calls in advance to avoid fines. In the suburbs, they don’t always have many calls happening and you may be OK to make that call immediately after you ask permission. When they answer, remember that your first statement should be that the call is not an emergency, but rather a test. Ask them to provider the phone number and location you’re calling from to validate your deployment, and ALWAYS BE POLITE!